Hi, I am in dire need of advice on how to eliminate hacking, and secure my systems. My home wireless network has been hacked and become part of a netbot. This has been going on for about 2 years, nothing I have done has stopped the hackers. I have 2 desktops, 2 laptops, cable modem, and wireless Belkin router, file sharing disabled; and have never done any online transactions. All computers are hacked ( in different ways ), the router is hacked, ISP is hacked, residential private unlisted phone is hacked. No help from local or state police. I have been completely unable to eliminate this problem. I have done the following:

1) consistently used good firewalls, anti-virus programs, anti-malware programs
2) have uninstalled and installed different programs when existing ones have been hacked and rendered inoperative
3) have changed ISP account names and passwords
4) have changed Email passwords, and/or closed Email accounts
5) have changed Wireless Network name
6) have changed Router Passwords
7) FDISKs and total reloads of OS and all else
8) Drive wiping with Drive Scrubber
9) have changed private unlisted phone number
10) have removed hacker's utilities and programs from systems when I have been able to identify them

I have to eliminate this and secure my systems. Any advice you can give me will be greatly appreciated!

First, I find it odd that you're asking about how much the CEH exam costs, in another thread, while asking about this. It seems that MAYBE you've been poking around to learn some security (for whatever intention) and gotten yourself infected by trying to use some possibly 'less than ethical' material you've pulled down.

That said, IF you're legit... (I'm sorry, but this really does sound fishy to me... how about any other EH-net-ers reading this???)

All of the various things you've mentioned are helpful in eliminating spyware, viruses, rootkits (in the case of total drive wiping), etc. If this truly keeps coming back, I'd only have a couple of good suggestions.

To begin with, if this is as serious as you lead us to believe, disconnect from the internet, before doing anything else. Disconnect your entire home network.

1.) Wipe ALL machines, at the same time, all together, to ensure something isn't returning from one machine to another after cleaning up.

2.) Throw away ALL data you have stored, or at a minimum, have it professionally analyzed, to be sure that you don't have a remnant on USB key, external drives, or other storage media (ie - cdrom / dvd rom backups). This includes ANY installation media, with exception of store purchased CD / DVD install media for retail software, such as MS Windows, etc. (Although, you COULD check them out to be safe, since you seem to be getting infected again so quickly, to ensure somehow, you didn't get some crazy, virus-laden media that somehow got onto shelves.)

3.) Email... print any you've wanted to keep saved (including those from online mail, such as GMAIL), then wipe all mail from your mailboxes, both on your local machine and the online mailboxes, to make sure something isn't slipping back in.

4.) remove yourself from ALL social media sites for a while (stop logging into facebook, myspace, etc, in the event you're somehow hitting someone's infected graphics posted therein, on a profile, etc.)

5.) Lastly, if you use a static IP, or if you host your own website and use DYNDNS or something to route to your local box with a hostname, change the hostname you use, or ask the ISP to change your static IP. If EVERYTHING has been wiped, simultaneously, and you've done everything else, I find it hard to believe that someone randomly keeps finding you.

If none of this helps, and you keep getting hit again, then my advice would be to look at your close friends. If your 'home' network has that much equipment, and you're looking to do security, etc, then I'd be willing to bet you've also had other folks you know, near your machines.

That said, though, based on your two separate posts, I'm not totally certain you're being totally honest here, so think hard before asking the next questions...

Last edited by hayabusa on Thu Feb 11, 2010 2:21 pm, edited 1 time in total.

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

What are the symptoms you are seeing that makes you believe that you have been hacked? Do you have logs, error messages, bandwidth reports, IDS logs, or anything else that has led you to believe that something is fishy?

What encryption are you using on your Wireless router? WEP? WPA? WPAv2??

hi hayabusa, I can assure you that I am 100% legit. I am a Paralegal with Investigative training, and a Computer Consultant, working with Windows OS, other software, installations, instruction. I won't say I am a computer whiz, but I am definitely not a newbie. I am about to begin extensive Internet Investigation-related training with Joe Seanor. One of my courses will be preparatory for EH Exam, that I hope to eventually take. I am not currently a hacker in any level, and have no programming experience; nor do I have any Security training, other than the little bit I have taught myself. I have been studying computer forensics as well, and would like to become proficient in that too.

I was checking out the EH Exam Certification website just before posting the question about price; I hadn't read everything on the site at that point, so that did look fishy or stupid.

No, I have never tried to use any 'less than ethical' material; as of yet I wouldn't know how. What happened to me is that I stumbled onto something very nasty; and was put into something that is definitely not your usual botnet ( and I am familiar with them ).

Yes, I did clear all machines at the same time, did all work offline, did not re-install anything. I copied and printed any docs I wanted to keep. ISP was notified, they will not monitor usage of my account without orders from police or FBI. They control IPs, and will not allow static assignment to me. They tell me I am responsible to keep my network secure.

I did report to FBI. The agent I spoke to did not have specific computer network experience; but does consider this very serious. I have been submitting documentation and reports of what is happening to me, and what I have been able to discover. I requested a Forensic exam. They seem to want some Identity Theft or bank account hacking or something to equal a crime. Hacking into my phone service is a federal crime, but that is being ignored as well. I have not been able to do anything to stop any of this.

I need help. I can't work in this condition.

As unsupported suggests, if this is critical for your work, then hire a professional in to fix you up.

Without knowing the specifics of your case and how you're detecting the compromise, only general advice can be offered.

Turn off your wireless until it is locked down so you can prove only your machines are connecting to it. WPA2, mac filtering, the latest firmware (or a new wireless router) and a very long, complex key are a good start.

If you have started from a total fully patched clean system, then you need to lock down your firewall to only allow outbound traffic to a small number of highly trusted IP addresses.

You should be able to point your router and other systems to this image for recording their logs and traffic. This will give you a great understanding of what is happening on your network. The learning curve isn't too bad.

All of these suggestions will cripple your internet experience, but should get you to a safer place or at least give you clear evidence and logs of what is actually happening on your network.

Also, even with the gmail / https suggested, be careful. If whoever is attacking is good enough to be that deep, https / gmail likely isn't going to be 'secure'. HTTPS, if the attacker has access to your machines, is actually very easy to get around.

Again, we can only give some advice, and can't really defend for you, etc, but the more specifics you can give, the better we may be able to advise, a bit more.

Last edited by hayabusa on Thu Feb 11, 2010 6:16 pm, edited 1 time in total.

~ hayabusa ~

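Two of the checks in the post above (prove that only your own machines are connecting to the wireless, and allow outbound traffic only to a small set of trusted destinations), worked as an added example that is not part of the original thread. The MAC allowlist, the trusted destinations, the association table and the connection log are all constructed for illustration using documentation address ranges, and the record formats are assumptions: a real router's client list or firewall log will look different and will need its own parsing.

```python
"""Two tripwires from the lockdown advice above: which devices are on the
wireless LAN, and where outbound traffic is going.

Added example, not code from the thread. The record formats are constructed
(real router exports differ) and every address is an assumption taken from
documentation ranges.
"""
import ipaddress

# Constructed: MACs of the four machines that belong on the network.
KNOWN_MACS = {
    "00:11:22:33:44:55",  # desktop 1
    "00:11:22:33:44:66",  # desktop 2
    "aa:bb:cc:dd:ee:01",  # laptop 1
    "aa:bb:cc:dd:ee:02",  # laptop 2
}

# Constructed: the only destinations outbound traffic may reach.
TRUSTED_EGRESS = [
    ipaddress.ip_network("203.0.113.10/32"),  # update mirror (assumed)
    ipaddress.ip_network("198.51.100.0/24"),  # ISP resolvers/mail (assumed)
]

# Constructed association table, one client per line: "<mac> <ip> <hostname>".
ASSOC_TABLE = """\
00-11-22-33-44-55 192.168.2.10 desktop1
AA:BB:CC:DD:EE:01 192.168.2.12 laptop1
de:ad:be:ef:00:01 192.168.2.99 android-3f2a
"""

# Constructed outbound connection log: "<src_ip> <dst_ip>:<dport> <proto>".
CONN_LOG = """\
192.168.2.10 203.0.113.10:443 tcp
192.168.2.12 198.51.100.53:53 udp
192.168.2.10 192.0.2.77:6667 tcp
192.168.2.99 192.0.2.200:443 tcp
"""


def normalize_mac(mac):
    """Lower-case, colon-separated form so vendor formats compare equal."""
    return mac.strip().lower().replace("-", ":")


def unknown_clients(assoc_table, known_macs):
    """Clients whose MAC is not on the allowlist.

    MAC filtering is a tripwire, not a lock: an attacker who has sniffed a
    legitimate client's MAC can spoof it, so treat a clean result as one
    signal among several (WPA2 with a long passphrase is the real control).
    """
    known = {normalize_mac(m) for m in known_macs}
    found = []
    for line in assoc_table.strip().splitlines():
        mac, ip, host = line.split()
        if normalize_mac(mac) not in known:
            found.append((normalize_mac(mac), ip, host))
    return found


def egress_violations(conn_log, trusted):
    """Outbound connections whose destination is outside the trusted set.

    Mirrors a default-deny egress firewall: anything not explicitly trusted
    is a finding. An IRC port, or traffic from a device that should not
    exist, is what a bot beaconing home tends to look like in such a log.
    """
    found = []
    for line in conn_log.strip().splitlines():
        src, dst, proto = line.split()
        dst_ip, dport = dst.rsplit(":", 1)
        addr = ipaddress.ip_address(dst_ip)
        if not any(addr in net for net in trusted):
            found.append((src, dst_ip, int(dport), proto))
    return found


if __name__ == "__main__":
    for mac, ip, host in unknown_clients(ASSOC_TABLE, KNOWN_MACS):
        print(f"unknown client {mac} {ip} ({host})")
    for src, dst, port, proto in egress_violations(CONN_LOG, TRUSTED_EGRESS):
        print(f"egress violation {src} -> {dst}:{port}/{proto}")
```

Run against the constructed data it reports one unknown client (the Android device) and two egress violations: the IRC connection from a known desktop and the HTTPS connection from the device that should not be there. Feeding it a router's real client table and a firewall's connection log means writing the two `split()` lines to match those formats; the checks themselves stay the same.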

Ok, let's step back and rewind this a little. What exactly is happening? How are they going after your cable modem, wireless router, phone, etc?

First, most importantly, use least privilege. Log onto the machine as a user account and not an administrator. Only use the admin as needed.

Ok, while everyone else is making suggestions, in addition to your firewall, install a Snort IDS, maybe even a web proxy if you so desire, and definitely HIPS on all machines.

Also, you mention the private residential phone is being hacked, is it a VOIP phone or a regular land line (POTS)? You also said they are going after your wireless, which may mean they are local. Use OpenVPN on your wireless in order to add another layer of encryption over your wireless.

So, this is pretty serious.. you can keep patch working your security back together, but it may come to needing a professional. I am sure we could recommend someone based upon your location.

Either that, or just go to your pantry, grab the tin foil, and make yourself a hat. 'Cause maybe it's The Man.

Last edited by unsupported on Thu Feb 11, 2010 7:10 pm, edited 1 time in total.

All good points by unsupported. And his questions are very valid, and really, to help ANY more than we are, we'd need much more detail on exactly what you're seeing, what data shows you're being hacked, etc.

That said...

Heck, were it me (and it's thankfully not,) I might even consider throwing a honeypot or two on your network, to help keep the person(s) occupied, while you utilize the other tools that were noted, both to protect, and to analyze the attacks to see if you can gather more info about the attacker.

These don't necessarily prevent the access they've gained, but at this point, whomever is doing the deed obviously has a decent grip on your setup and how to get to it, so at LEAST you could throw some 'interesting' stuff into the mix, to buy some time, especially if, for now, you've removed any private data you don't want them to see.

Again, I'd be very wary of people 'close to you,' as, based on the intensity they seem to have in coming after YOU, there's at least a very real chance that they're gunning specifically for YOUR data, for whatever reason. I don't know of many hackers that would target your ISP, your home network, your phone lines, and all, knowing they're adding to the risk of being caught by spending so much effort on one 'home network,' if it's not someone that either knows you, has a bone to pick, is targeting you or your business, specifically, or is very close by, physically, to your home.

After all, you'd said:

"What happened to me is that I stumbled onto something very nasty; and was put into something that is definitely not your usual botnet ( and I am familiar with them )."

I'd follow the advice given here, by unsupported, myself and others, and look for an IT Security professional in your area to look at this. Not your local Best Buy Geek Squad (I know you already know this) or your local repair folks, but someone with more background and experience specifically in Security. If the FBI is asking for more data, then the right people can hopefully help you GET that data. Again, we're here to help where we can, it's just that we can't offer much more than suggestions, without being directly involved in your situation and in possession of more info than we are really privileged to have, or have been given thus far, based on the circumstances.

~ hayabusa ~


Thanks for all your responses. I will read all over very carefully; and please know that I deeply appreciate them. I am sorry, I see I have a weird post here. Weird stuff was going on. I kept being logged-off for no reason; and I actually typed 3 very lengthy posts which I could not post to the forum. The posting window kept jumping all over the place making it a real trick to type at all. My guess is that my posting was possibly being intercepted, or they tried to do so. Nothing new. It appears that only part of 2 posts showed up on the forum; which adds to the confusion. I had to go out, just got back. I will try to give you all some more details, although I feel that I must be somewhat careful. In this post, I will give you some background info on what happened. In the next post, I will give you some examples of what I am seeing which evidences hacking.

1) No, This is not anyone close to me, either in location or otherwise. When this began, I had just moved to this location, from quite a distance away. I literally knew no one. No one has access to my computers, either. There was never a problem at the other residence.

2) Yes, it is safe to say that someone wants to watch me specifically. This is because of my connection monitoring, tracking, documenting, and reporting things all over the place. By ‘all over the place’, I mean places like some specific Computer Tech Forums, Microsoft, the Department of Homeland Security, the FBI. All of this started quite by accident: I literally stumbled onto something. I discovered a Windows Exploit. I observed that someone was ‘marking’ websites with strange icons. I do not mean Favicons. These were odd icons designed specific to each website, that appeared in whatever browser I was using, when I accessed various websites. I first noticed this in OurChurch.com, with Christian Ministry websites; soon, however, I noticed that they were appearing on other website searches as well. I had online friends in 2 different states, and 2 countries also checking these things out for me. The phenomenon was duplicated for everyone. This may have been adding the website owners and their visitors to a botnet. I reported this to Microsoft; they asked me to file a report in a very technical way, which I had no idea how to do. I reported this on a few Forums, and kept detailed records. I reported this to the Department of Homeland Security after my posts on the Forums were suddenly intercepted, my email intercepted, or made inaccessible. I actually had my printer prevented from printing ( putting ink on the page ) while in the midst of typing a report I actually did manage to email the Department of Homeland Security. I called them and spoke to someone who listened, believed me, and was as helpful as he could be. He could do nothing unless I could verify specific national security threats. He told me to wipe my systems, of course, but that did not help.

Shortly after that email and call, my landline home phone service ( private, unlisted number ) was hacked into. My local long distance was eliminated. At the same time, my separate long distance provider service was also hacked into: all long distance in my area code was suddenly removed from my account. My MySpace accounts were made inaccessible. My desktop was then programmed so that I was unable to get online at all. I believe all this was done to keep me from contacting authorities. I left it all intact for forensic reasons. ( It still is intact, I have not used it at all. I use a new laptop at present. ) I have continued to study the 2 laptops and the other desktop connections, files, activities. I have discovered some very disturbing things.

As I mentioned, I went to my local police, who were frightened and completely unable to deal with my situation. They sent me to the State Police. The State Police were cocky and said I should go to the FBI because the phone thing was a federal issue. I contacted the County District Attorney, to try to discover who the county had available for forensics in a case such as this. I was told that this county literally does not have even one person trained and qualified in computer forensics. They told me that if they were faced with some sort of computer crime, they would have to contact the State of PA Forensic people in Harrisburg. ( Now, of course, I realize that there are IT Security people likely working in this county; but they are not available to the public, or private individuals. )

Next post, details of what I see in my systems.

The Feds are not going to be interested in your case. They are backlogged at all times. I would need to know what damage has occurred from this incident before I can tell you whether state or local police would be interested. There are quite a few towns in PA, especially around major cities that have forensics capabilities, but I am not yet sure if they would take your case.

I will await more details before I make my final recommendation, but your best bet is to get an attorney and engage a forensics investigator that is trained in intrusions, with the attorney's help.

What you are describing is doable, but it's a lot of trouble for someone to go through to mess with you.

We are looking forward to some details. Don't post any IP addresses, passwords, or any other sensitive information.

Details of what I am seeing, what I am finding, what I am experiencing which evidences hacking: Have to post in parts, as this is so long.

I will just jump in somewhere, as all this is very complex.

1) My Belkin Router page is not accessible. My network name has been changed by the hackers. I had the most security available to that router, but it didn’t help. They are providing a network called Belkin54g which is supposedly unsecured now. This IS going through my ISP, but is being redirected from there.

4) I recently uninstalled ‘Microsoft Network Monitor 3’; which the hackers had installed in this laptop.
5) They have enabled all the Remote operations, which I have always kept disabled. I cannot disable any of these; and they enable File and Printer Sharing.
6) I disable Windows Messenger, they enable it.
7) This log is from Computer Management/Event Properties: WLAN AutoConfig service has successfully connected to a wireless network.

So first note (more to come, as we analyze further and dig more) is that the network they are providing (Belkin54g, as you mentioned) is the default for that router, so it looks as though, at some point, they completely reset it.

~ hayabusa ~

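A way to triage the WLAN AutoConfig "successfully connected" events quoted above, added here as an example and not code from the thread. It assumes the field layout of the Windows Event ID 8001 message (Network SSID, BSSID, Authentication, Encryption); the expected SSID and BSSID, the default-SSID pattern and the three event bodies are constructed for the scenario in this post. It flags what hayabusa points at, a connection to a factory-default name such as Belkin54g and a network with no or weak encryption, and also the expected SSID appearing on a radio that is not the owner's access point.

```python
"""Triage of Windows WLAN-AutoConfig 'connected' events (Event ID 8001).

Added example, not code from the thread. The event bodies below are
constructed to mirror the field layout of the real 8001 message; the
expected SSID and BSSID are assumptions for the scenario in this post.
"""
import re

# Constructed expectations for the home network.
EXPECTED_SSID = "MyHomeNet"
EXPECTED_BSSIDS = {"00:17:3f:aa:bb:cc"}  # the one access point we own (assumed)

# Factory SSIDs: connecting to one means the AP was reset or is an impostor.
DEFAULT_SSID_RE = re.compile(
    r"^(belkin54g|belkin\.[0-9a-f]{3,4}|linksys|netgear|dlink|default)$", re.I)
WEAK_AUTH = {"open", "shared", "wep"}       # no key exchange worth the name
WEAK_ENC = {"none", "wep", "tkip"}          # none/WEP broken, TKIP deprecated

# "<field name>: <value>"; the lazy key stops at the first colon so MAC
# addresses and other colon-bearing values survive intact.
FIELD_RE = re.compile(r"^\s*([A-Za-z0-9. ]+?):\s*(.*?)\s*$")

# Constructed dump of three events, separated by "===" lines.
EVENTS = """\
Event ID: 8001
WLAN AutoConfig service has successfully connected to a wireless network.
Network Adapter: Intel(R) WiFi Link 5100 AGN
Local MAC Address: AA:BB:CC:DD:EE:01
Network SSID: MyHomeNet
BSS Type: Infrastructure
BSSID: 00:17:3F:AA:BB:CC
Authentication: WPA2-Personal
Encryption: AES-CCMP
802.1x Enabled: No
===
Event ID: 8001
WLAN AutoConfig service has successfully connected to a wireless network.
Network Adapter: Intel(R) WiFi Link 5100 AGN
Local MAC Address: AA:BB:CC:DD:EE:01
Network SSID: Belkin54g
BSS Type: Infrastructure
BSSID: 00:17:3F:AA:BB:CC
Authentication: Open
Encryption: None
802.1x Enabled: No
===
Event ID: 8001
WLAN AutoConfig service has successfully connected to a wireless network.
Network Adapter: Intel(R) WiFi Link 5100 AGN
Local MAC Address: AA:BB:CC:DD:EE:01
Network SSID: MyHomeNet
BSS Type: Infrastructure
BSSID: 02:DE:AD:BE:EF:01
Authentication: Open
Encryption: WEP
802.1x Enabled: No
"""


def parse_event(body):
    """Turn one event body into a dict keyed by field name."""
    fields = {}
    for line in body.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def assess(fields):
    """Return finding codes for one connection event (empty list = looks fine)."""
    findings = []
    ssid = fields.get("Network SSID", "")
    bssid = fields.get("BSSID", "").lower()
    auth = fields.get("Authentication", "").lower()
    enc = fields.get("Encryption", "").lower()

    if DEFAULT_SSID_RE.match(ssid):
        findings.append("default-ssid")      # factory name: AP reset or rogue AP
    if ssid != EXPECTED_SSID:
        findings.append("unexpected-ssid")
    elif bssid and bssid not in EXPECTED_BSSIDS:
        findings.append("unexpected-bssid")  # right name, wrong radio: evil twin?
    if auth in WEAK_AUTH:
        findings.append("weak-auth")
    if enc in WEAK_ENC:
        findings.append("weak-encryption")
    return findings


def audit(log_text):
    """Split a dump of events and return [(ssid, findings), ...] for 8001s."""
    results = []
    for body in re.split(r"\n={3,}\n", log_text.strip()):
        fields = parse_event(body)
        if fields.get("Event ID") != "8001":
            continue
        results.append((fields.get("Network SSID", ""), assess(fields)))
    return results


if __name__ == "__main__":
    for ssid, findings in audit(EVENTS):
        print(f"{ssid:12s} {', '.join(findings) or 'ok'}")
```

The second constructed event is the situation described in this post: the client joined an open network named Belkin54g from the same BSSID as the owner's router, which is what a factory reset of that router looks like from the client side. The third event shows the opposite trick, the right name with no encryption on an unknown BSSID. On a live machine the bodies would come from the Microsoft-Windows-WLAN-AutoConfig/Operational log; only the split in `audit()` depends on how that export is delimited.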

The Feds are not going to be interested in your case. They are backlogged at all times.

( The FBI is interested, but yes, I am completely aware of their extreme workload. )

I would need to know what damage has occurred from this incident before I can tell you whether state or local police would be interested.

( Local and State Police in my area are unable to deal with this, they have told me. The damage is a hacked phone account and constant phone monitoring, my internet service being used by hackers, running up extreme bandwidth, 4 computers being hijacked and being used to hide and channel files, photographs, tv/video, and I believe possible telephone and cell phone communications. I do not believe that the object here is the usual stealing of banking, credit card info, or identity theft. There has been nothing like that with us, as we have never done any sort of online accounting or purchases; and I do not store personal info of that kind on my systems. )

There are quite a few towns in PA, especially around major cities that have forensics capabilities, but I am not yet sure if they would take your case.

( There is nothing anywhere near my location. I have researched this and know where they are. )

I will await more details before I make my final recommendation, but your best bet is to get an attorney and engage a forensics investigator that is trained in intrusions, with the attorney's help.

( I have discussed this with an attorney ( DA ). Nothing can be done as there is no crime per-se; and no way to really identify the hacker or hackers. If out of the US, there is that issue as well. This is in the jurisdiction of the FBI, according to what everyone has told me. My only recourse is police/FBI as far as forensics are concerned; unless someone private wants to take on a challenge, or I learn to do it myself. I have no financial resources to pay an attorney or private forensic specialist in any case; completely impossible. )

What you are describing is doable, but it's a lot of trouble for someone to go through to mess with you.

We are looking forward to some details. Don't post any IP addresses, passwords, or any other sensitive information.

( I posted before that recommendation. Oh well...they already have me hacked in any case. ) I just need to clear and secure, if I can't nail them. I would love to expose and enable prosecution of course, but I am getting sick of this now.